Security News
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing...
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability to bypass Windows security prompts when opening URL files. The Microsoft Defender flaw exploited in the Phemedrone campaign is CVE-2023-36025, which was fixed during the November 2023 Patch Tuesday, where it was marked as actively exploited in attacks.
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak. That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a .cpl file, which is a Windows control panel item.
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. Zipline Passive Backdoor: custom malware that can intercept network traffic, supports upload/download operations, creating reverse shells, proxy servers, server tunneling.
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure...
In a report published on Thursday, security shop Recorded Future warns that GitHub's infrastructure is frequently abused by criminals to support and deliver malware. GitHub domains are seldom blocked by corporate networks, making it a reliable hosting site for malware.
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot’s operators ran phishing campaigns, targeting...
TL;DR: Protect your computer from common viruses and other forms of malware, including ransomware and rootkits, with the ESET NOD32 Antivirus 2024 Edition, on sale for just $24.99 through January 14. Are your company's computers adequately protected for the new year? If not, then consider upgrading to the ESET NOD32 Antivirus 2024 Edition - offered at a discounted price through January 14.
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains. Microsoft security researcher Igal Lytzki spotted the attacks delivered over hijacked email threads last summer but couldn't retrieve the final payload. In September, AT&T's Alien Labs team of researchers noticed "a spike in phishing emails, targeting specific individuals in certain companies" and started to investigate.